Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Class IdTokenVerifier (1.32.1)

public class IdTokenVerifier

Beta
Thread-safe ID token verifier based on ID Token Validation.

Call #verify(IdToken) to verify a ID token. This is a light-weight object, so you may use a new instance for each configuration of expected issuer and trusted client IDs. Sample usage:

IdTokenVerifier verifier = new IdTokenVerifier.Builder() .setIssuer("issuer.example.com") .setAudience(Arrays.asList("myClientId")) .build(); ... if (!verifier.verify(idToken)) {...}

Note that #verify(IdToken) only implements a subset of the verification steps, mostly just the MUST steps. Please read <a href="http://openid.net/specs/openid-connect-basic-1_0-27.html#id.token.validation>ID Token Validation for the full list of verification steps.

Inheritance

java.lang.Object > IdTokenVerifier

Inherited Members

Object.clone()

Object.equals(Object)

Object.finalize()

Object.getClass()

Object.hashCode()

Object.notify()

Object.notifyAll()

Object.toString()

Object.wait()

Object.wait(long)

Object.wait(long,int)

Constructors

IdTokenVerifier()

public IdTokenVerifier()

IdTokenVerifier(IdTokenVerifier.Builder builder)

protected IdTokenVerifier(IdTokenVerifier.Builder builder)

Parameter

Name	Description
builder	`IdTokenVerifier.Builder` builder

Fields

DEFAULT_TIME_SKEW_SECONDS

public static final long DEFAULT_TIME_SKEW_SECONDS

Default value for seconds of time skew to accept when verifying time (5 minutes).

Field Value

Type	Description
long

Methods

getAcceptableTimeSkewSeconds()

public final long getAcceptableTimeSkewSeconds()

Returns the seconds of time skew to accept when verifying time.

Returns

Type	Description
long

getAudience()

public final Collection<String> getAudience()

Returns the unmodifiable list of trusted audience client IDs or null to suppress the audience check.

Returns

Type	Description
Collection<String>

getClock()

public final Clock getClock()

Returns the clock.

Returns

Type	Description
com.google.api.client.util.Clock

getIssuer()

public final String getIssuer()

Returns the first of equivalent expected issuers or null if issuer check suppressed.

Returns

Type	Description
String

getIssuers()

public final Collection<String> getIssuers()

Returns the equivalent expected issuers or null if issuer check suppressed.

Returns

Type	Description
Collection<String>

verify(IdToken idToken)

public boolean verify(IdToken idToken)

Verifies that the given ID token is valid using the cached public keys.

It verifies:

The issuer is one of #getIssuers() by calling IdToken#verifyIssuer(String).
The audience is one of #getAudience() by calling IdToken#verifyAudience(Collection).
The current time against the issued at and expiration time, using the #getClock() and allowing for a time skew specified in #getAcceptableTimeSkewSeconds() , by calling IdToken#verifyTime(long, long).

Overriding is allowed, but it must call the super implementation.

Parameter

Name	Description
idToken	`IdToken` ID token

Returns

Type	Description
boolean	`true` if verified successfully or `false` if failed